Shoddy record-keeping and human error were to blame for the bulk of the problems.

WASHINGTON -- The nation's top two law enforcement officials acknowledged Friday the FBI broke the law to secretly pry out personal information about Americans. They apologized and vowed to prevent further illegal intrusions.

Attorney General Alberto Gonzales left open the possibility of pursuing criminal charges against FBI agents or lawyers who improperly used the USA Patriot Act in pursuit of suspected terrorists and spies.

The FBI's transgressions were spelled out in a damning 126-page audit by Justice Department inspector general Glenn A. Fine. He found that agents sometimes demanded personal data on people without official authorization, and in other cases improperly obtained telephone records in nonemergency circumstances.

The audit also concluded that the FBI for three years underreported to Congress how often it used national security letters to force businesses to turn over customer data. The letters are administrative subpoenas that don't require a judge's approval.

Fixing the problems

"People have to believe in what we say," Gonzales said. "And so I think this was very upsetting to me. And it's frustrating."

"We have some work to do to reassure members of Congress and the American people that we are serious about being responsible in the exercise of these authorities," he said.

Under the Patriot Act, the national security letters give the FBI authority to demand that telephone companies, Internet service providers, banks, credit bureaus and other businesses produce personal records about their customers or subscribers. About three-fourths of the letters issued between 2003 and 2005 involved counterterror cases, with the rest for espionage investigations, the audit reported.

Shoddy record-keeping and human error were to blame for the bulk of the problems, said Justice auditors who were careful to note they found no indication of criminal misconduct.

Still, "we believe the improper or illegal uses we found involve serious misuses of national security letter authorities," the audit concluded.

FBI director Robert S. Mueller said many of the problems were being fixed, including by building a better internal data collection system and training employees on the limits of their authority. The FBI has also scrapped the use of "exigent letters," which were used to gather information without the signed permission of an authorized official.

"But the question should and must be asked: How could this happen? Who is accountable?" Mueller said. "And the answer to that is, I am to be held accountable."

Mueller said he had not been asked to resign, nor had he discussed doing so with other officials. He said employees would probably face disciplinary actions, not criminal charges, following an internal investigation of how the violations occurred.

The audit incensed lawmakers in Congress already seething over the recent dismissals of eight U.S. attorneys. Democrats who lead House and Senate judiciary and intelligence oversight panels promised hearings on the findings. Several lawmakers -- Republicans and Democrats alike -- raised the possibility of scaling back the FBI's authority.

Constitutional rights

The American Civil Liberties Union said the audit proves Congress must amend the Patriot Act to require judicial approval anytime the FBI wants access to sensitive personal information.

"The attorney general and the FBI are part of the problem, and they cannot be trusted to be part of the solution," said ACLU's executive director, Anthony D. Romero.

Both Gonzales and Mueller called the national security letters vital tools in pursuing terrorists and spies in the United States. "They are the bread and butter of our investigations," Mueller said.

Gonzales asked the inspector general to issue a follow-up audit in July on whether the FBI had followed recommendations to fix the problems.

Fine's annual review is required by Congress, over the objections of the Bush administration. It concluded that the number of national security letters requested by the FBI skyrocketed in the years after the Patriot Act became law. Each letter issued may contain several requests.

In 2000, for example, the FBI issued an estimated 8,500 requests. That number peaked in 2004 with 56,000. Overall, the FBI reported issuing 143,074 requests for national security letters between 2003 and 2005.

But that did not include an additional 8,850 requests that were never recorded in the FBI's database, the audit found. A sample review of 77 case files at four FBI field offices showed that agents had underreported the number of national security letter requests by about 22 percent.

Additionally, the audit found, the FBI identified 26 possible violations in its use of the letters, including failing to get proper authorization, making improper requests under the law and unauthorized collection of telephone or Internet e-mail records.

The FBI also used exigent letters to quickly get information -- sometimes in non-emergency situations -- without going through proper channels. In at least 700 cases, these letters were sent to three telephone companies to get billing records and subscriber information, the audit found.